Thursday, July 28, 2005

Setting up transparent proxy server

Hi all,

Today, while setting up ip for my internal network, i found out that i have run out of IPs and the internet access was very slow. I ran into a situation called "bottleneck". A situation where a road becomes narrow with heavy traffic. How to speed up this? The answer is proxy server.

On with the theory
Proxy server is a server that can cache visited web pages. Dynamic web pages are not cached. When a client access a website, the proxy server , on behalf of the client access the website and cache it. the next the client or other client wants to connect to the site, the proxy server just give the cached site to the client. Thus reducing the response time from the actual site.

Transparent proxy
In a normal proxy case, you have to set manually for each client to connect to outside. It is not a practical solution if you have a lot of workstations + many apps to connect to the internet. What is more practical solution? The answer is "transparent proxy" and now iptables comes into play.

What you have to do first?
1. Setup a server
OS : Linux (whatever flavor you want)
proxy server : Squid (install the latest one)
utilities : netfilter packages (for iptables)

Your squid.conf location is dependent on how you install squid package. If u use source code and compile it without tweaking ./configure options, meaning it is in /usr/local/squid/etc. If you use your package manager, it is in /etc. Wherever it is, you have to edit it before you can use it as a transparent proxy.

What to edit
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src
http_access allow localhost
http_access allow lan

Please change "lan" to suit your network environment. This file is heavily documented. Please read the comments before you change anything unless you know what you're doing.

I don't want to explain in detail on how to setup linux for your server. Please consult your spesific Linux distribution HOWTOs and FAQs. After you have complete setting up Linux, you should setup SQUID. More information on squid, pls visit squid usually readily packaged for your distro. You should check that first whether you can just install it from CD. If not, you have to download from the link above.

After you have edited squid.conf, this is the iptables command you should run on the proxy server.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
provided that your proxy server is using port 3128. If not, change it accordingly.

Tuesday, July 19, 2005

Setting up virus scanner for mail server

This task is quite simple and the tools are readily available on the internet. In the spirit of Open Source, may of the tools are made free and come with source code. Binary version for may distros are available too. It's only a matter of choice and how we're going to set things up.

Clam antivirus is one of the best antiviri around. So far she can detect almost 97% of Windows viri and worms. Those viri are always reached our computers over network and internet. The main medium is email. I personally got in average 5 to 10 emails containing virus. That's why, antivirus is really important these days.

This is a script invoked by procmail to scan and send a notice to the sender if the mail contains virus. trasscan comes with clamav package.

Setting up procmailrc for scanning

# procmail configuration for TrashScan:
# ZapCoded by Trashware; 13.10.2002

# [ ... ]

# ----------------------------------------------------------------------------- #
# Virus scan section ... #
# ----------------------------------------------------------------------------- #

# 1. Run TrashScan
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan

# 2. Filter tagged virus mails
* ^X-Virus-Scan: Suspicious

The last line will delete the mail containing virus.

Sunday, July 17, 2005

Setting up Spam Detection System for mail server

For over a month, I did a research on how to install, configure and test spam detection system on mail server which i manage. Here's the quick step :

1. Install spamassassin from I use spamc and spamd and not the perl version. Advantage: faster for bz server.

2. Make this setting in /etc/mail/spamassassin/local.conf

# SpamAssassin user preferences file.
# See 'man Mail::SpamAssassin::Conf' for
# details of what can be tweaked.

# score needed to deem an email to be spam.
# the lower the score, the more likely the email
# will be classified as spam. default is 5, but
# I have found that 4 works a little bit better
required_hits 4

# if you find an email from an address classified
# as spam that should
# *never* be classified as spam, add it to the whitelist
whitelist_from *

# if you receive an email from an address that will
# always be spam, add it to the blacklist (comma separated)

# Whitelist and blacklist addresses are now
# file-glob-style patterns, so
# "", "*",
# or "*" will all work.

# append the subject line with "[SPAM]"
# if you do not want the subject line altered,
# just remove this line
subject_tag [SPAM]

3. Make sure procmail is installed. use 'which procmail' to know. if not, go to to download and install.

4. Test for one user first. configure .procmailrc in one user home directory like this:

## Set to yes when debugging


## Put '#' before LOGFILE if you want
# no logging (not recommended)

:0fw: spamassassin.lock

# The following three lines move messages tagged
# as spam to a folder called "spam-folder" If you
# want mail to stay in your inbox, just
# delete the lines

* ^X-Spam-Status: Yes

Update :
You could replace spam-folder with /dev/null if you want the spam mails to be automatically deleted as below (Not Recommended):

* ^X-Spam-Status: Yes

Note : The 3 last lines is important for automatic moving of spam mails to 'spam-folder'. Spam mails are marked [SPAM] in their subject and this mark is user-definable.

Ok. That's all there is to it. Test it for a month and hope that spam mails ever reach the spam-folder. :-) I bet they will.

Wednesday, July 6, 2005

Internet is ready

yesterday i managed to move the servers from old building to the new building. here are the pics just taken before I wrote this blog.

Technician Room

Computers are ready to be serviced!

Sunday, July 3, 2005

No network huh?

Since 2 weeks ago, the new building was waiting for me to put all my stuff there but I just couldn't. Why? because the internet is not there yet. How can I work without it? My work needs an internet connection. So what should I do? Not moving!. and it is worth cause the UITM registration tomorrow needs internet connection to register the new students online. If I did move, I have to carry all the servers and routers and swtches to the old building. Actually I was waiting for TMNet personal to call me about the line at the new building yesterday but no one call.

Now I'm at office chatting and sms'ing my friend. One is my ex-student and the other one is my chatting friend. Network at the new building is still not complete yet. Lab 1 and 2 will be completed in a day or 2. I can't wait to keep my hands dirty configuring and troubleshhoting the new network. I noticed yesterday that the new switches were all 3com.